REMARKS

In response to an Official Action dated August 10, 2006, Applicant respectfully submits 
the following remarks. This application contains claims 55-105, all of which were rejected in the 
Official Action. Reconsideration is requested in view of the remarks that follow. 

Applicant thanks Examiners Tran and Louis-Jacques for the courtesy of a personal 
interview with Applicant's representative, Daniel Kligler (Reg. No. 41,120), held at the USPTO on 
May 22, 2006. Applicant's representative discussed the distinction of the claimed invention over 
the references that were cited by the Examiner in the previous Official Action in this case (dated 
April 10, 2006), and also pointed out an apparent error in the Official Action. The Examiners 
agreed to reconsider the references and issue a new Official Action. 

Claims 55-57, 59-64, 66-71, 79-81, 83-87, 89-94 and 102-104 were rejected under 35 
U.S.C. 103(a) over Hunt (U.S. Patent 6,496,855) in view of Dan et al. (U.S. Patent 6,560,639). 
Applicant respectfully traverses this rejection. 

Hunt describes a Web site registration proxy system, in which a registration agent site 
serves as an intermediary between an Internet user and other sites. The agent allows users to 
register with new sites automatically and to move between registered sites via a single interface 
(abstract). A registration processing system is responsible for submitting user data to new sites, and 
includes the functionality of identifying and resolving conflicts between the user's privacy 
preferences and the site's policies (col. 5, lines 34-45). 

Dan describes a web management system including a database having a directory 
structure in which each web page of a web site is associated with attributes of the web page 
(abstract). An exemplary directory of this sort is shown in Figs. 5a and 5b (described in col. 13, 
lines 23-40). The attributes in the directory do not include privacy attributes. Dan mentions privacy 
only in passing, in the context of a virtual private network (col. 27, lines 65 - col. 28, line 8), and 
makes no mention at all of web site privacy policies. 

Independent claim 55 recites a computer-implemented method for privacy management 
that permits an enterprise to assign different, respective privacy policies to different Web pages on 
the same Web site, which belongs to the enterprise. Different portions of the information that a user 
exchanges with the Web site are subject to different privacy policies, depending on the Web page 
through which the information is exchanged with the enterprise. 

The Examiner acknowledged in the Official Action that Hunt does not teach 
"assigning... non-uniform privacy policies to at least some of the Web pages" on a Web site, but 
held that the combination of Hunt and Dan renders claim 55 obvious, because Dan describes 
page-specific attributes and objects (col. 4, lines 6-63). As noted above, however, Dan neither teaches 
nor suggests that these page-specific attributes might include attributes of privacy policy. 

The Examiner went on to assert (page 4, second paragraph in the Official Action) that "It 
would have been obvious... to modify the teachings of '855, a Web site registration proxy system to 
recognize that web sites establish their own privacy policies with respect to individual web pages." 
The Examiner provided no basis whatsoever in the cited art for this assertion other than a general 
statement in Dan (col. 1, lines 35 et seq.) about the complexity of managing content on the Web. It 
is remarkable that among the many attributes that Dan lists, privacy does not appear at all. The 
Examiner has failed to cite any reference that describes or even suggests assigning different privacy 
policies to different pages in a single Web site, as required by claim 55. 

Actually, the only basis at hand for the Examiner's assertion that "web sites establish 
their own privacy policies with respect to individual web pages" is impermissible hindsight from the 
teachings of the present patent application. The fact that Dan does not relate to privacy attributes of 
individual pages actually supports Applicant's position that this sort of differential privacy function 
was not known in the art prior to the present invention (see page 3, lines 14-18, in the present patent 
application). 

According to MPEP 2143.03: "To establish prima facie obviousness of a claimed 
invention, all the claim limitations must be taught or suggested by the prior art. In re Royka, 490 
F.2d 981, 180 USPQ 580 (CCPA 1974)." The Examiner has failed to show that a key claim 
element - assigning different privacy attributes to different pages on the same Web site - was taught 
or suggested anywhere in the prior art. 

Therefore, claim 55 is believed to be patentable over the cited art. In view of the 
patentability of claim 55, claims 56, 57, 59-64, 66 and 67, which depend from claim 55, are also 
believed to be patentable. 

Independent claim 68 recites a computer-implemented method for privacy management 
in which nodes in a body of information are assigned privacy rules hierarchically. Each node 
(except the root node) has one or more ancestors in the hierarchy, and at least some of the nodes 
have their own respective privacy rules. The computer computes the specific privacy policy for any 
given node by combining the privacy rules assigned to the given node with the privacy policies of 
the ancestor nodes of the given node in the hierarchy. 

The Examiner acknowledged in the Official Action that Hunt does not teach "arranging a 
body of information in a hierarchy of nodes" with a root node and ancestor nodes (page 7, last 
paragraph in the Official Action), but still maintained that Hunt does teach "computing a node 
privacy policy for the given node by combining the privacy rules assigned to the given node with 
node privacy policies of the ancestor nodes of the given node in the hierarchy." These two 
statements appear to contradict one another: If Hunt does not have a hierarchy of nodes, how can 
Hunt possibly teach a method of computing a privacy policy that explicitly uses ancestor nodes in 
the hierarchy? 

In support of the assertion that Hunt teaches "computing a node privacy policy... by 
combining the privacy rules assigned to the given node with node privacy policies of the ancestor 
nodes," the Examiner cited col. 6, lines 6-43, in Hunt. The cited passage refers to "Site Data 
Requirements (SDR)," which are stored in Hunt's registration profile database. The SDR includes 
the "site's data privacy policies" (line 13). There is no mention, however, in this passage or 
anywhere else in Hunt of computing a privacy policy by combining privacy rules or policies of 
different nodes in a body of information, as recited in claim 68. Hunt's site privacy policy is simply 
a given, which is presumably established by the site owner without any sort of "computation." 

As noted above, Dan does not mention privacy policies at all. The passage in Dan that 
the Examiner cited against claim 68 (col. 2, line 59 - col. 3, line 43) says nothing about any sort of 
hierarchy-based computation. 

Thus, again, the Examiner has failed to show that a key claim element - in this case, 
computation of privacy policies by combination over nodes in a hierarchy - was taught or suggested 
anywhere in the prior art. Therefore, claim 68 is believed to be patentable over the cited art. In 
view of the patentability of claim 68, claims 69-71, which depend from claim 68, are also believed 
to be patentable. 

Notwithstanding the patentability of independent claims 55 and 68, the dependent claims 
are also believed to recite independently-patentable subject matter. For the sake of brevity, 
Applicant will refrain from arguing the patentability of every one of the dependent claims, but a 
number of examples will be presented below. 

Claim 60 depends from claim 55 and refers to a user who has exchanged information 
with a first Web page on an enterprise Web site, subject to the privacy policy that is assigned to the 
first Web page. Claim 60 adds that this user is informed of a difference in the privacy policy 
assigned to a second Web page relative to that of the first Web page before the user exchanges 
further information with the second Web page. In rejecting this claim, the Examiner cited col. 5, 
lines 44-45, in Hunt. This passage refers to "identifying and resolving conflicts between the user's 
privacy preferences and the site's policies." Hunt makes no suggestion that there might be 
differences in the privacy policies assigned to different Web pages on the site, and thus does not 
even hint that a user might be informed of these differences after exchanging information with a 
first Web page on the site, as required by claim 60. Therefore, claim 60 is believed to be 
independently patentable. 

Claim 61 depends from claim 55 and adds that when a change is made in the privacy 
policy assigned to a Web page, a user who has already exchanged information with that Web page 
subject to the previous privacy policy is informed of the change. In rejecting this claim, the 
Examiner cited col. 3, lines 52-67, in Hunt. The cited paragraph describes the functions of Hunt's 
registration agent site, which provides a central repository of all personal information that a user is 
prepared to give out to Web sites. Hunt makes no mention of changes in site (or page) privacy 
policies. He therefore cannot be taken to suggest a step of informing a user of such a change, let 
alone informing a user who has already submitted information to the site. Therefore, claim 61 is 
believed to be independently patentable. 

Claim 67 depends from claim 55 and adds that different user classes are defined, and 
different privacy policies are defined for the same Web page to apply to the different user classes. 
In rejecting this claim, the Examiner cited col. 7, lines 52-65, in Hunt. This passage refers to 
grouping of user information belonging to a single, given user. Hunt makes no mention of different 
user classes, and thus does not even faintly suggest that different user classes might be subject to 
different privacy policies on the same Web page. Therefore, claim 67 is believed to be 
independently patentable. 

Claim 71 depends from claim 68 and adds that the privacy rules assigned to each node 
are represented as policy sections, which are written in XML and comprise an attribute identifying 
the parent of the node. In rejecting this claim, the Examiner cited col. 5, line 55, through col. 6, line 
5, in Hunt, and col. 20, lines 17-31, in Dan. 

In the cited passage, Hunt describes "a simple way to supply data to sites": The 
registration agent submits user information to Web sites using HTML forms and HTTP commands. 
There is no mention in this passage or anywhere else in Hunt that HTML might be used to represent 
privacy policy sections. Even if there were such a mention, HTML is a different language from 
XML, with different properties. Furthermore, Hunt neither teaches nor suggests that policy sections 
written in any markup language might have an attribute identifying a parent node in a hierarchy, as 
required by this claim. 

The cited passage in Dan refers to "templates" that "govern the 'look and feel' of a 
page" (lines 17-18). The templates may be in HTML, XML, or VRML (lines 26-27). Dan, like 
Hunt, makes no mention or suggestion of the possibility that XML could be used in writing privacy 
policy sections, or that XML policy sections of any sort might have an attribute identifying a parent 
node in a hierarchy, as required by claim 71. 

Therefore, claim 71 is believed to be independently patentable. 

Claims 79-81, 83-87, 89-94 and 102-104 recite apparatus and computer software 
products that operate on principles similar to the methods of claims 55-57, 59-64, 66-71. Claims 
79-81, 83-87, 89-94 and 102-104 are therefore believed to be patentable for the reasons explained 
above. 

Claims 58, 65, 72-78, 82, 88, 95-101 and 105 were rejected under 35 U.S.C. 103(a) over 
Hunt in view of Dan, and further in view of Itabashi et al. (U.S. Patent 6,308,203). Applicant 
respectfully traverses this rejection. 

Claims 58, 65, 82 and 88 depend from independent claims 55 and 79. In view of the 
patentability of these independent claims, as explained above, claims 58, 65, 82 and 88 are also 
believed to be patentable. Furthermore, claims 58 and 82 recite elements similar to those of 
independent claims 72 and 95 and are believed to be independently patentable for the reasons 
explained below with respect to claim 72. 

Independent claim 72 recites a computer-implemented method for privacy management 
in which an application requesting private user information is queried in order to determine its 
compliance with the privacy policies subject to which the information in question was received 
from the user. The query to the application is issued when the application submits its request. In 
other words, claim 72 recites the sequential steps of intercepting a request from an application and 
then querying the application to determine compliance before providing user information to the 
application. 

Itabashi describes a method and apparatus for providing user personal information to an 
information provider by pre-storing the personal information in a profile database of a server. 
When the user accesses a service provider device, and the service provider device requests personal 
information, the request is referred to the server. The server reads the personal information from the 
database and transfers it to the service provider device (abstract and col. 7, lines 35-65). 

In rejecting claim 72, the Examiner cited steps S21 and S27 in Itabashi and col. 4, lines 
30-53, as purportedly teaching the step of "intercepting a request from an application." Steps S21 
and S27 refer to transfer of a request and control data from the user's terminal device to a proxy as 
part of a processing operation in which the user receives the provision of a service (col. 8, lines 
15-18). These steps have nothing to do with interception of any sort of communications. The cited 
passage in col. 4 refers to detecting simultaneous access operations made from a user (lines 30-35) 
and detecting unauthorized access to the personal information (lines 36-40). The purpose of this 
detection is to prevent another user from making unauthorized use of the personal information 
recorded in the server (col. 13, lines 3-11). 

Thus, even if Itabashi's detection of user communications could be considered 
"interception," it relates solely to detection of unauthorized access by other users. There is no 
reason to query these unauthorized users to determine their compliance with privacy policies, since 
by definition they are in violation of the server's privacy policies and will be denied access 
immediately. Therefore, a person of ordinary skill in the art could not have learned from Itabashi 
the step of "intercepting a request from an application" as a precursor to "querying the application 
to determine compliance... with the privacy policies," as required by claim 72. The Examiner 
acknowledged (page 15, second paragraph, in the Official Action) that such a teaching is also absent 
from Hunt and Dan. 

Consequently, a person of ordinary skill in the art would have been unable and 
unmotivated to combine the teachings of Hunt, Dan and Itabashi to arrive at the method recited in 
claim 72. This claim is therefore believed to be patentable over the cited art. In view of the 
patentability of claim 72, dependent claims 73-78 are also believed to be patentable. 

Furthermore, these dependent claims are believed to recite independently-patentable 
subject matter, notwithstanding the patentability of claim 72. For example, claim 74 recites the 
added feature that non-uniform privacy policies are associated with different resources of the 
enterprise. This feature is similar to the elements of claim 55. As explained above, Hunt and Dan 
neither teach nor suggest these elements. Therefore, claim 74 is believed to be independently 
patentable. 

Claims 95-101 and 105 recite apparatus and computer software products that operate on 
principles similar to the methods of claims 72-78. Therefore, for the reasons explained above with 
respect to claims 72-78, claims 95-101 and 105 are also believed to be patentable over the cited art. 

Applicant believes the amendments and remarks presented hereinabove to be fully 
responsive to all of the grounds of rejection raised by the Examiner. In view of these amendments 
and remarks, Applicant respectfully submits that all of the claims in the present application are in 
order for allowance. Notice to this effect is hereby requested. 



Dated: October 27, 2006 